CVE-2019-13025 PoC — Compal CH7465LG 输入验证错误漏洞

Source

https://github.com/x1tan/CVE-2019-13025

Associated Vulnerability

Title:Compal CH7465LG 输入验证错误漏洞 (CVE-2019-13025)
Description:Compal CH7465LG是中国台湾仁宝电脑工业（Compal）公司的一款无线路由器。使用CH7465LG-NCIP-6.12.18.24-5p8-NOSH版本固件的Compal CH7465LG中存在输入验证错误漏洞。攻击者可借助特制HTTP POST请求利用该漏洞在系统上执行任意命令。

Description

Connect Box CH7465LG (CVE-2019-13025)

Readme

# Connect Box CH7465LG (CVE-2019-13025)

# Information

This repository contains two PoCs for the `Connect Box CH7465LG` running on Firmware `CH7465LG-NCIP-6.12.18.24-5p8-NOSH` or older.

For more information have a look at [my blog](https://xitan.me/posts/connect-box-ch7465lg-rce/).

# Usage

## Unauthenticated Remote Code Execution

> $ python3 poc-rce.py <router_ip> <command>

## Unauthenticated Information Disclosure

> $ python3 poc-information-dump.py <router_ip>

# Credits

xitan 2019.

File Snapshot


 [4.0K]  /data/pocs/33d473258050649316ac3d46f754ea2e27a5c193
├── [1.3K]  poc-information-dump.py
├── [ 924]  poc-rce.py
├── [ 497]  README.md
└── [ 116]  requirements.txt

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!